The Global Mail recently took an in-depth look at allegations that hackers may have infiltrated iTunes accounts. According to that investigation, there's something fishy going on at iTunes.
An Apple Support Communities thread titled "iTunes store account hacked", which currently includes 73 pages of more than 1,080 replies, details users' complaints about mysterious charges stretching all the way back to November 2010. Many of these comments are from users reporting what appear to be third-party purchases made from PayPal accounts, credit cards and gift cards linked to their iTunes accounts, as well as unexplained changes in their account information.
Here are two examples of complaints on the "iTunes store account hacked" thread:
I've been hacked twice in the last couple of days. Amount deducted from my gift card credit. Apple told me it must have been an in-app I downloaded by accident. Rubbish!!!! Not impresseed -- crimsonfox62
I was just hacked too... My account is linked to my PayPal that's linked to my checking and they literally stole all of my money in my checking account. Already sent in the support ticket, not very happy at this point. -- elitez28
According to The Global Mail Apple has yet to acknowledge or even comment on whether iTunes accounts may have been compromised, even though users have been reporting discrepancies for over a year. When The Global Mail contacted Apple, the company responded with a generic reply about security but did not address the specific concerns that had been raised.
Apple takes precautions to safeguard your personal information against loss, theft and misuse, as well as against unauthorised access, disclosure, alteration and destruction. Apple online services such as the Apple Online Store and iTunes Store use Secure Sockets Layer encryption on all web pages where personal information is collected.
Although many of the people who have claimed they were hacked report similar experiences -- such as the types of apps purchased with the stolen funds, and similar changes to account information --The Global Mail speculates that there is just enough variation among the individual hacks to allow Apple to assert that they are not linked.
According to comments on Support Communities thread, the amount of money stolen has ranged from a few cents to $500. Some users also report that Apple refunded the charges.
Apple Insider speculates that the iTunes gift card algorithm may have been compromised and compares this problem to an earlier attack on iTunes. "In 2009, iTunes gift vouchers surfaced on Chinese websites for pennies on the dollar after hackers allegedly discovered a way to generate codes," writes Apple Insider.
In 2011, 50,000 iTunes accounts were reportedly hacked and sold through a Chinese auction site. Chinese newspaper The Global Times purchased one such account for about $5 and found that it was linked to someone's credit card in the United States.